[PATCH bpf v2 0/2] Fix bpf_probe_read_user_str() overcopying

From: Daniel Xu
Date: Wed Nov 04 2020 - 21:26:09 EST

Next message: Daniel Xu: "[PATCH bpf v2 1/2] lib/strncpy_from_user.c: Don't overcopy bytes after NUL terminator"
Previous message: Stephen Boyd: "Re: [PATCH 4/4] clk: qcom: Add support for SDX55 RPMh clocks"
Next in thread: Daniel Xu: "[PATCH bpf v2 1/2] lib/strncpy_from_user.c: Don't overcopy bytes after NUL terminator"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

6ae08ae3dea2 ("bpf: Add probe_read_{user, kernel} and probe_read_{user,
kernel}_str helpers") introduced a subtle bug where
bpf_probe_read_user_str() would potentially copy a few extra bytes after
the NUL terminator.

This issue is particularly nefarious when strings are used as map keys,
as seemingly identical strings can occupy multiple entries in a map.

This patchset fixes the issue and introduces a selftest to prevent
future regressions.

Daniel Xu (2):
lib/strncpy_from_user.c: Don't overcopy bytes after NUL terminator
selftest/bpf: Test bpf_probe_read_user_str() strips trailing bytes
after NUL

lib/strncpy_from_user.c | 9 ++-
.../bpf/prog_tests/probe_read_user_str.c | 60 +++++++++++++++++++
.../bpf/progs/test_probe_read_user_str.c | 34 +++++++++++
3 files changed, 101 insertions(+), 2 deletions(-)
create mode 100644 tools/testing/selftests/bpf/prog_tests/probe_read_user_str.c
create mode 100644 tools/testing/selftests/bpf/progs/test_probe_read_user_str.c

--
2.28.0

Next message: Daniel Xu: "[PATCH bpf v2 1/2] lib/strncpy_from_user.c: Don't overcopy bytes after NUL terminator"
Previous message: Stephen Boyd: "Re: [PATCH 4/4] clk: qcom: Add support for SDX55 RPMh clocks"
Next in thread: Daniel Xu: "[PATCH bpf v2 1/2] lib/strncpy_from_user.c: Don't overcopy bytes after NUL terminator"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]